Security certification and labelling in Internet of Things

In recent years, security and privacy aspects of IoT have received considerable attention from the industry and research communities. Because IoT will be more pervasive in the everyday life of the citizens, and it may be used in safety related applications (e. g., road transportation), its security threats may be more damaging than conventional Internet threats. Due to processing and memory constraints, the provision of security functions could be quite challenging in IoT. In addition, IoT devices must operate in a dynamic environment in terms of communication interfaces and fast upgrade cycle (e. g., patching), which imposes severe security requirements to designer and developers. Privacy aspects are also relevant because of the large amount of data collected by IoT sensors. In this context, the security certification of IoT devices is an important element to support the development and deployment of trusted IoT systems and applications. The objective of this paper is to investigate IoT security certification taking into consideration the current security certification frameworks, standards, and their related limitations identified by the industry and research communities. This paper proposes a new approach for security certification in IoT, which addresses the identified limitations and links formal models to testing and certification.